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MFTHOD AND DEVICE FOR SECU RE TRANSACTIONS 

BACKGROUND OF THE INVENTION 
The field of this invention is authorization and authentication of a user 
5 during a transaction involving a stationary terminal or PC and possibly re- 
mote servers on a computer network. One of the means to provide security in 
such a situation is to use cryptography. 

There are two main classes of encryption methods, symmetric and 
asymmetric. Symmetric encryption uses a secret key that is used both for 
io encryption end decryption. This key has to be distributed beforehand to both 
parties and kept secret at all times. Asymmetric, or public key, encryption 
schemes uses a pair of keys where one can be public and the other must be 
secret. This makes key distribution much easier since the public key can be 
published and made available for instance over Internet. 

15 

PRIOR ART 

Independent of which encryption scheme that is used authentication 
requires a secret key. Smartcards (sometimes called IC cards) solve the 
problem of keeping the keys secret even if the card is lost. By encapsulating 
20 memory and processor into one tamper-resistant microchip and using PIN- 
codes and cryptography to protect access to the keys, a lost or stolen card 
cannot be used by any unauthorized person. When used the IC card is in- 
serted into a stationary terminal having input means for entering the PIN 
code 

25 However, the stationary terminal is a possible security leak. In a typi- 

cal setting the user carries a set of smartcards and for every transaction in- 
serts one of them in a smartcard reader. The reader could be connected e.g. 
to a point-of-sales terminal, an ATM machine, or to a personal computer. In 
order to unlock the card the user provides a PIN-code or a biometric sample 

30 (e.g. a fingerprint). The device to do this is part of the card reader or terminal 
equipment. It is technically possible to manipulate such equipment to break 
the security. For instance, the PIN-code or biometric sample could be re- 
corded and used later. 
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The system disclosed in US5917913 solves this problem by provid- 
ing the user with a portable electronic authorization device. All communica- 
tion with the stationary terminal is encrypted and the user has full control of 
the reader, keyboard etc. This provides necessary conditions to prevent un- 
authorized access to information during a transaction. However, in a system 
according to US5917913 there is a problem of keeping the keys secret if the 
device is lost or stolen. 

In summary, the following two security problems are associated with 
the use of cryptographic keys for authorization and authentication of a user 
during an electronic transaction. 

Keep the key secret even when the physical storage device is 

lost or stolen and 

prevent unauthorized manipulation of the equipment in order to 
get access to secret information during a transaction. 



SUMMARY OF THE INVENTION 

An object of the present invention is to overcome both of the above 
mentioned problems. 

The invention comprises a mobile terminal with a single built-in 
smartcard optionally capable of replacing a number of separate smartcards. 
The terminal contains means for user interaction and for communication with 
another terminal, that may be stationary or mobile (in the following called the 
stationary terminal). 

Communication between the mobile and the stationary terminals can 
be based on wires or may be wireless, using IR, inductive couplings, radio, or 
any combination of those. The stationary terminal may be standalone, or 
connected to a network. In the latter case also one or several network serv- 
ers could be involved in the transaction. Then the mobile terminal could act 
as an integral part of a distributed information system. 

The smartcard is used primarily to store such data that must be pro- 
tected if the device/card is lost or stolen. In a minimal configuration the fol- 
lowing data is sufficient. 
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Card identification (possibly implying also the identity of the 
user, an account number etc.) 

Secret cryptographic key (symmetric or asymmetric encryption) 
5 • PI N-code or biometric reference 

Access to the card is possible only by providing a PIN-code or bio- 
metric sample matching the stored reference. All communication between the 
mobile and stationary terminals is encrypted using the secret key or a sepa- 
io rate session key exchanged by using the first key. 

The terminal contains means for communication with the smartcard, 
with the stationary terminal and with the user. All of this can be built by using 
standard technology and the design of the terminal does not have to be kept 
secret. However, it must be provided by a trusted party in order not to have 
15 built-in security leaks. 

Commercial documents, such as bank statements and receipts, are 
often produced as part of a transaction. The user may also want to keep 
other kinds of records, such as a time-stamped log. Using current technology 
most of this is either provided locally on paper or recorded electronically by 
20 the remote party. Both alternatives are inconvenient for the user. Ideally all 
documents related to a transaction should be stored in electronic form and 
easily be available to him in the future. Even when a smartcard is used, it has 
too limited storage space for this. 

In one embodiment of the present invention this is accomplished by 
25 including a storage facility in the terminal where all relevant information can 
be recorded during the transaction. When convenient for the user the infor- 
mation can later be downloaded to a stationary computer or network for fur- 
ther processing and long time storage. All or part of the information can be 
protected by encryption using a key stored on the smartcard. Even if the ter- 
30 minal is lost together with the smartcard this information is protected. Option- 
ally, documents can be protected by electronic signatures. 

Integrating the smartcard into the mobile terminal causes potential 
problems for the user if he has several cards. Even for a single transaction it 
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may be relevant to use more than one card (e.g. a credit card and a bonus 
card). In one embodiment of the present invention this is accomplished by 
storing many virtual cards on one physical one, a multipurpose smartcard. 
A multipurpose smartcard contains one ID part, common to all 
5 applications of the card, with 

Individual identification of the card 
At least one certificate of a cryptographic public key 
The corresponding private key(s) 
10 At least one PIN-code or biometric reference 

Optionally the ID part also may contain information such as 

Name, photograph and other information about the card holder . 
15 • Expiration date and other restrictions that may apply to the card 

Information about the issuer of the card and its security refers 
ences 

This part of the card is written once and then protected so that it can- 
20 not be changed during the lifetime of the card. 

The other main part of the protected memory of the smartcard is 
used for storing information specific to each individual application. Each entry 
in this area could optionally contain its own encryption key(s) or access 
code(s) in order to secure data and communication in addition to what is pro- 
25 vided by the key(s) in the ID part. Such an entry constitutes a virtual card. 

Virtual cards may be added and deleted after the physical card has 
been issued and distributed. The procedure of adding and deleting virtual 
cards can preferably be performed with the physical card residing in the ter- 
minal. Downloading of data corresponding to a virtual card can be protected 
30 by cryptographic protocols using the key(s) on the physical card. In this way 
a new virtual card can be added using a data communication network with no 
need for any physical transport of cards. Other features and advantages of 
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the invention appear from the description and claims below and from the ac- 
companying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention will now be described in more detail with reference to 
specific embodiments thereof shown on the accompanying drawings. 



Fig 1 is a schematic functional block diagram showing a prior art system 
for a digital transaction, 
10 Fig 2 is a diagram showing an authorizing scheme that can be used in the 
system in Fig. 1, 

Fig. 3 is a schematic functional block diagram showing a digital transaction 

system in accordance with the invention, 
Fig. 4 is a schematic block diagram showing communication path in a de- 
is vice in accordance with the invention, 

Fig. 5 is a diagram showing an authorizing scheme that can be used in the 

system in Fig. 3, 

Fig. 6 is a schematic block diagram showing one embodiment of a device in 
accordance with the invention, 
20 Fig. 7 is a schematic block diagram showing one embodiment of a smart- 
card that can be used with the device in Fig. 5, 
Fig. 8 is a schematic perspective view of a first embodiment of a device in 

accordance with the invention and 
Fig. 9 is a schematic perspective view of a second embodiment of a device 
25 in accordance with the invention. 



DETAILED DESCRIPTION 



Fig. 1 shows a basic prior art system for digital transactions. A sta- 
30 tionary terminal 10 is connected to a remote server 1 1 through a network 12. 
To provide an authorization of a user of the stationary terminal a smartcard 
13 is inserted into the stationary terminal. The user enters personal identifica- 
tion data into the smartcard through the stationary terminal by using a user 
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interaction means 16. The user interaction means can be a keyboard or a 
device for the input of a biometric sample, such as a biometric sensor. The 
identification data unlocks the smartcard and enables authorization of the 
user and a secure communication between the stationary terminal and the 
remote terminal. However, the stationary terminal can be tampered with and 
the identification data can be obtained. 

Fig. 2 shows a typical scheme where a user at a stationary terminal 
wants to be authorized by a remote network server. The scheme can be used 
in the prior art system shown in Fig. 1 and also in a system according to the 
present invention. The authentication process of the user (1) is performed 
first by entering personal identification data into the IC card. Then the sta- 
tionary terminal requests to establish contact (2) with the remote server. The 
request is picked up and accepted (3) by the remote server. When contact 
has been established, the remote server sends a random number, called the „ 
challenge (4). The stationary terminal receives this number, encrypts it (6) 
together with an identification of the user and returns the result, called the 
response (6). At the remote server this message is decrypted, and the result 
compared with the challenge (7). If they are identical, it means that the IC 
card is authentic, since it uses the right key. The purpose of the random 
number is to ensure that the user is actually present and that the response is 
not just a replay of a message that has been recorded during some previous 
transaction. The steps 1-7 are essential in most communication schemes. 

Every time a new number is sent as challenge. If the same encryp- 
tion key is used, the encrypted messages will be different. Even if somebody 
is picking up the communication he cannot give the correct response to the 
next challenge trying to imitate the legitimate user. 

Following this authentication of the user at the remote terminal there 
could for instance be a commercial transaction such as a credit card pay- 
ment. The figure shows an example where the same cryptographic scheme 
is used as for the authentication. 

Fig. 2 also shows further steps that are taken when a purchase is 
made. The remote server sends the amount to be paid (8) for the purchase. 
The amount is received by the stationary terminal (9) and confirmed by send- 
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ing the amount encrypted (10) as described above. The amount is received 
and decrypted by the remote server (11) and further checked locally (12). A 
confirmation finally is sent (13) by the remote server and received (14) by the 
stationary terminal. The steps 8-14 can be replaced by similar or correspond- 
5 ing steps for other types of transactions. 

PREFERRED EMBODIMENT 

In a preferred embodiment as shown in Fig. 3 the electronics of a 
mobile terminal 14 is designed around a microcontroller 15 to which the 

10 smartcard 13 and all other main parts are connected. As a main feature of 
the invention the user interaction means 16 is included in the mobile terminal 
14. All communication between the smartcard 13 and the user is carried out 
through the mobile terminal 14 (see Fig. 4 also). Thus, the user is authenti- 
cated by the smartcard through a device that can be protected against unau- 

15 thorized operations. The smartcard is then authenticated by the stationary 

terminal 10 in a protected environment. The stationary terminal 10 can be au- 
thenticated by the remote server 11 through the network 12 in a conventional 
manner. 

The protecting property of the mobile terminal 14 is apparent from 
20 Fig. 4. No transactions with the smartcard 13 can occur other than through 
the mobile terminal. This applies to the user 17 and to external devices such 
as the stationary terminal 10. All further transactions with the remote server 
and all transactions through an external network involving the smartcard will 
also be handled through the mobile terminal 14. 
25 Fig. 5 shows a scheme where a user at a stationary terminal wants to 

be authorized by a remote network server when using a mobile terminal as 
shown in Fig. 3. The process is started when the user requests the mobile 
terminal to establish contact (1) with the remote server. The request is picked 
up and accepted (2) by the remote server. When contact has been estab- 
30 lished, the remote server sends a random number, called the challenge (3) 
back to the mobile terminal. The mobile terminal receives the random num- 
ber (4). Before or during this session the user should be authenticated by the 
IC card. This could for instance be done as indicated by step (5). After au- 
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thentication the received random number is encrypted and returned (6) to the 
remote server. Finally, the encrypted number is decrypted and compared by 
the remote server (7). Further steps may then follow depending on the actual 
application. 

In Fig. 6 the main units of a mobile terminal 14 are shown. The 
smartcard is mounted in a smartcard holder 18. In a preferred embodiment 
the smartcard holder is formed to allow a simple exchange of the smartcard. 
All main units of the mobile terminal 14 are controlled by the micro controller 
15. The micro controller can be a conventional microprocessor or an applica- 
tion specific circuit. A program memory 19 holds the control program used by 
the micro controller and may be formed as a ROM. The software in the pro- 
gram memory controls all functions of the terminal. Data altering during exe- 
cution is stored in a temporary scratchpad memory 20, such as a RAM. 

The mobile terminal is also provided with means for user interaction. 
Data is presented to the user by an output unit 21, such as a LCD. Other 
types of displays and sound output means can also be used. An input unit 
22, such as a keyboard or a device for input of biometric data, is also pro- 
vided in the terminal. 

A unit 23 for wireless communication with a stationary terminal is in- 
cluded and may include an IR or radio unit. There is also included means for 
communication with a stationary terminal via a physical connector 24. A flash 
disk 25 or similar device is provided for storing electronic documents pro- 
duced during transactions and other larger data sets. 

For communication the terminal must be capable of using protocols 
suitable for the different channels that are available, such as radio and IR. 
Even in the case a physical, electrical connection is used for communication 
a protocol must be used. 

The smartcard contains a secure microprocessor with the following 
main parts as shown in Fig. 7. An interface 26 is provided for controlling the 
communication between the card and the terminal. The interface is con- 
nected to a processor 27 capable of performing all the necessary functions of 
the card, including protected access to memory and encryption/decryption of 
data. A ROM or flash memory 28 is used for storing programs, and a RAM 29 
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is used for storing temporary data. A permanent ID section of the card and 
optionally virtual cards is stored in an EEPROM 30. 

The electronic parts of the mobile terminal as shown in Fig. 8 are 
contained in a cover 31 designed to be conveniently carried in a pocket, at- 

5 tached to a belt or similar arrangement. Power is provided by an internal bat- 
tery (not shown). This and the smartcard can be replaced by the user. The 
smartcard has the size of a Plug-in SIM card (ETSI Standard GSM 11.11, 
Annex A). The output unit comprises a LCD 32, and the input unit comprises 
a keyboard 33, preferably including digit keys and a Yes and a No button. In 

io the embodiment shown in Fig. 8 the input unit also comprises a biometric 

sensor 36 that identifies the fingerprint of the user. The wireless communica- 
tion unit includes an IR window 34. Further means related to the wireless 
communication unit, such as an antenna or a coil, are covered by the cover 
31. 

15 Since smartcard readers are often available at transaction terminals 

it could be convenient to use these also to connect mobile terminals. In an 
alternative embodiment of the mobile terminal as shown in Fig. 9 one part of 
the terminal could be shaped as half a smartcard and have a set of smart- 
card connector pads 35 placed according to standard. This part of the termi- 

20 nal could then be inserted into a smartcard reader to provide an electrical 

connection between the terminals for communication. The terminal includes a 
LCD 32, a keyboard 33 and an IR window in conformity with the embodiment 
shown in Fig. 8. 

After authentication of the user different further steps may be taken. 

25 A simple next step would be that the stationary terminal or a remote server 
registers the user and then allow access to data or to a closed and security 
protected area. In another application a key stored in the smartcard is used 
for the encryption of data to be sent from the stationary terminal to the re- 
mote server. In a third application an electronic purchase is requested and 

30 confirmed by the user. The purchase can then be recorded and executed by 
the remote server. 
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CLAIMS 




5 



10 



15 



20 



25 



1. Method for secure digital data transactions, including the steps of: 

a) storing personal identification data, card identification data and a 
transaction program in a protected IC card, 

b) receiving personal identification data in said IC card, 

c) comparing said received personal identification data with said stored 
personal identification data and 

d) executing said transaction program when said personal identification 
data correspond to said stored personal identification data to establish 
contact between said IC card and a stationary terminal, 

characterized by 

e) mounting said IC card in a mobile unit, 

f) transferring said personal identification data to said IC card through 
said mobile unit, and 

g) further executing said transaction program to perform secure digital 
data transactions between said IC card and a stationary terminal 
through said mobile unit. 

2. Method as claimed in claim 1, further including the steps of storing an en- 
cryption key in said protected IC card, executing said transaction program to 
transfer digital data from the stationary terminal to a remote server and apply- 
ing said encryption key for encrypting digital data to be transferred. 

3. Method as claimed in claim 1 , further including the steps of connecting the 
mobile unit to the stationary terminal with a conductive coupling. 

4. Method as claimed in claim 3, further including the steps of connecting the 
mobile unit to the stationary terminal through IC card connector pads ar- 
ranged on the mobile terminal. 



WO 01/82167 




PCT/SE01/00563 



11 



5. Method as claimed in claim 3, further including the steps of transferring 
digital data between the mobile unit and the stationary terminal through a 
wireless connection. 

5 6. Method as claimed in claim 1 , further including the steps of storing in said 
IC card a plurality of application specific card identification data sets, each 
set defining a virtual IC card. 

7. A device for secure digital transactions including an IC card (13) containing 
10 protected personal identification data, card identification data and a transac- 
tion program, 

characterized by a mobile terminal (14) comprising: 

a) receiving means (18) for receiving said IC card (13), 

b) input means (22) for entering personal identification data, 

is c) communication means (23; 24) for performing secure digital data 

transactions between said IC card and a stationary terminal (10). 

8. A device as claimed in claim 7, wherein said input means (22) comprises a 
biometric sensor (36). 

20 

9. A device as claimed in claim 7, wherein said communication means (23; 
24) comprises IC card connector pads (35). 

10. A device as claimed in claim 7, wherein said mobile terminal (14) is pro- 
25 vided with display means (32). 

1 1 . A device as claimed in claim 7, wherein said receiving means (18) is 
operatively connected to a microcontroller (15) and said microcontroller (15) 
is operatively connected to said input means (22) for directing input data to 

30 an IC card received in said receiving means (18). 
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12. A device as claimed in claim 11, wherein said microcontroller (15) is 
operatively connected to storing means (25) for storing transaction history 
data. 
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